Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
KVM: arm64: Hide S1POE from guests when not supported by the host

When CONFIG_ARM64_POE is disabled, KVM does not save/restore POR_EL1.
However, ID_AA64MMFR3_EL1 sanitisation currently exposes the feature to
guests whenever the hardware supports it, ignoring the host kernel
configuration.

If a guest detects this feature and attempts to use it, the host will
fail to context-switch POR_EL1, potentially leading to state corruption.

Fix this by masking ID_AA64MMFR3_EL1.S1POE in the sanitised system
registers, preventing KVM from advertising the feature when the host
does not support it (i.e. system_supports_poe() is false).

Fixes: 70ed7238297f ("KVM: arm64: Sanitise ID_AA64MMFR3_EL1")
Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://patch.msgid.link/20260213143815.1732675-2-tabba@google.com
Signed-off-by: Marc Zyngier <maz@kernel.org>

authored by Fuad Tabba and committed by Marc Zyngier
f66857ba 63163661

+3
arch/arm64/kvm/sys_regs.c
··· 1816 1816 ID_AA64MMFR3_EL1_SCTLRX | 1817 1817 ID_AA64MMFR3_EL1_S1POE | 1818 1818 ID_AA64MMFR3_EL1_S1PIE; 1819 + 1820 + if (!system_supports_poe()) 1821 + val &= ~ID_AA64MMFR3_EL1_S1POE; 1819 1822 break; 1820 1823 case SYS_ID_MMFR4_EL1: 1821 1824 val &= ~ID_MMFR4_EL1_CCIDX;
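Review bot: the new `if (!system_supports_poe()) val &= ~ID_AA64MMFR3_EL1_S1POE;` sits directly after the allow-list mask `... | ID_AA64MMFR3_EL1_S1POE | ID_AA64MMFR3_EL1_S1PIE;` but carries no comment; the reason for stripping the bit (POR_EL1 is not context-switched when CONFIG_ARM64_POE is off) lives only in the commit message, so a one-line comment above the `if` would keep that constraint visible to whoever next edits the allow-list. It is also worth confirming that the userspace-writable limit for this ID register is derived from the same sanitised `val`, so a VMM cannot re-enable S1POE by writing the register after the host has masked it.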